Class ComputeEngineCredentials (1.6.1)
Stay organized with collections
Save and categorize content based on your preferences.
publicclass ComputeEngineCredentialsextendsGoogleCredentialsimplementsServiceAccountSigner,IdTokenProviderOAuth2 credentials representing the built-in service account for a Google Compute Engine VM.
Fetches access tokens from the Google Compute Engine metadata server.
These credentials use the IAM API to sign data. See #sign(byte[]) for more details.
Inherited Members
Static Methods
create()
publicstaticComputeEngineCredentialscreate()Create a new ComputeEngineCredentials instance with default behavior.
ComputeEngineCredentials
new ComputeEngineCredentials
getIdentityDocumentUrl()
publicstaticStringgetIdentityDocumentUrl()getMetadataServerUrl()
publicstaticStringgetMetadataServerUrl()getMetadataServerUrl(DefaultCredentialsProvider provider)
publicstaticStringgetMetadataServerUrl(DefaultCredentialsProviderprovider)provider
com.google.auth.oauth2.DefaultCredentialsProvidergetServiceAccountsUrl()
publicstaticStringgetServiceAccountsUrl()getTokenServerEncodedUrl()
publicstaticStringgetTokenServerEncodedUrl()getTokenServerEncodedUrl(DefaultCredentialsProvider provider)
publicstaticStringgetTokenServerEncodedUrl(DefaultCredentialsProviderprovider)provider
com.google.auth.oauth2.DefaultCredentialsProvidernewBuilder()
publicstaticComputeEngineCredentials.BuildernewBuilder()Methods
createScoped(Collection<String> newScopes)
publicGoogleCredentialscreateScoped(Collection<String>newScopes)Clones the compute engine account with the specified scopes.
createScoped(Collection<String> newScopes, Collection<String> newDefaultScopes)
publicGoogleCredentialscreateScoped(Collection<String>newScopes,Collection<String>newDefaultScopes)Clones the compute engine account with the specified scopes.
equals(Object obj)
publicbooleanequals(Objectobj)getAccount()
publicStringgetAccount()Returns the email address associated with the GCE default service account.
getScopes()
publicfinalCollection<String>getScopes()hashCode()
publicinthashCode()idTokenWithAudience(String targetAudience, List<IdTokenProvider.Option> options)
publicIdTokenidTokenWithAudience(StringtargetAudience,List<IdTokenProvider.Option>options)Returns a Google ID Token from the metadata server on ComputeEngine
options
List<Option>list of Credential specific options for the token. For example, an IDToken for a
ComputeEngineCredential could have the full formatted claims returned if
IdTokenProvider.Option.FORMAT_FULL) is provided as a list option. Valid option values are:
IdTokenProvider.Option.FORMAT_FULL
IdTokenProvider.Option.LICENSES_TRUE
If no options are set, the defaults are "&format=standard&licenses=false"
IdToken
IdToken object which includes the raw id_token, JsonWebSignature
IOException
if the attempt to get an IdToken failed
refreshAccessToken()
publicAccessTokenrefreshAccessToken()Refresh the access token by getting it from the GCE metadata server
sign(byte[] toSign)
publicbyte[]sign(byte[]toSign)Signs the provided bytes using the private key associated with the service account.
The Compute Engine's project must enable the Identity and Access Management (IAM) API and the instance's service account must have the iam.serviceAccounts.signBlob permission. See Also: Blob Signing
toSign
byte[]bytes to sign
byte[]
signed bytes
toBuilder()
publicComputeEngineCredentials.BuildertoBuilder()toString()
publicStringtoString()